彙總 changeweb 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
歷史漏洞主要涉及 跨站腳本 等問題,部分漏洞可能導致 工作階段劫持,並影響 生產負載與軟體部署 相關場景。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2025-46204 | An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /course/edit/{id} endpoint. | [email protected] | 6.5 | 0.34% | 2025-06-04 | 2026-06-17 |
| CVE-2025-46203 | An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /students/edit/{id} endpoint. | [email protected] | 6.5 | 0.32% | 2025-06-04 | 2026-06-17 |
| CVE-2025-25621 | Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows teachers to take attendance of fellow teachers. This affected endpoint is /courses/teacher/index?teacher_id=2&semester_id=1. | [email protected] | 4.3 | 0.36% | 2025-03-17 | 2026-06-17 |
| CVE-2025-25618 | Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation allowing the change of Section Name and Room Number by Teachers. | [email protected] | 3.3 | 0.38% | 2025-03-17 | 2026-06-17 |
| CVE-2025-25620 | Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function. | [email protected] | 5.4 | 0.52% | 2025-03-10 | 2026-06-17 |
| CVE-2025-25614 | Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers. | [email protected] | 8.8 | 0.69% | 2025-03-10 | 2026-06-17 |
| CVE-2025-25616 | Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam_rule_id=1. | [email protected] | 4.3 | 0.39% | 2025-03-10 | 2026-06-17 |
| CVE-2025-25615 | Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections. | [email protected] | 2.7 | 0.45% | 2025-03-10 | 2026-06-17 |
| CVE-2024-53573 | Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Unauthorized users can access and manipulate endpoints intended exclusively for administrative use. This issue specifically affects teacher/edit/{id}. | [email protected] | 9.8 | 0.50% | 2025-02-26 | 2026-06-17 |